Home page logo
/

basics logo Security Basics mailing list archives

Re: Reseting root password Was: user name from security logs
From: Steven McIntosh <s.mcintosh () compserv gla ac uk>
Date: Thu, 02 Jun 2005 12:53:04 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Like wise, remove the "x", which references the shadow file, from the
root entry in the passwd file and hey presto. Instant access for root on
reboot with no password.

Robert Reed wrote:
yes there is a way to get control back..... I'm not clear if you are
referring to a Linux box or windows.... please clarify?

for windows boxes there are live Linux distros that will allow you to change
the admin password....... with Linux you can attack the shadow password file
and delete the admin password... then log on as root and create a new
password for the root account

----- Original Message ----- 
From: "Alexander Klimov" <alserkli () inbox ru>
To: "Emmanuel Goldstein" <goldstein101 () gmail com>
Cc: <security-basics () securityfocus com>
Sent: Tuesday, May 31, 2005 1:33 AM
Subject: Reseting root password Was: user name from security logs



On Sun, 29 May 2005, Emmanuel Goldstein wrote:

I have physical access to the computer and i can also access all hd's
files using a LiveCD linux distribution.

So, here's my question:  Is there anyway to change the admin password
and/or get the machine's control back?

Boot a LiveCD, mount the root partition:

mkdir /tmp/a; mount /dev/hda1 /tmp/a

chroot to it:

chroot /tmp/a

and change the password:

passwd

Depending of authentication method used you can do it more directly,
e.g., changing a line in /etc/shadow:

root:password-hash:....

to

root::....

-- 
Regards,
ASK



- --
Steven McIntosh
Information Systems Security Officer
Computing Service
James Watt North Building
University of Glasgow
Glasgow
G12 8QQ
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFCnvMg82gHNv0z+WwRAmDJAJ9ckquPxMGO8aCTXobgHYdwZx3yXgCfUNCN
UaHNUMH4+j+TUqLWqjUiPhM=
=NZWM
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault